No more typing reviews! Try our Samantha, our new voice AI agent.
NetWitness NDR Logo

NetWitness NDR Reviews

Vendor: NetWitness
4.0 out of 5
Leave a review

What is NetWitness NDR?

Using a centralized combination of network and endpoint analysis, behavioral analysis, data science techniques and threat intelligence, NetWitness NDR helps analysts detect and resolve known and unknown attacks while automating and orchestrating the incident response lifecycle. With these capabilities on one platform, security teams can collapse disparate tools and data into a powerful, blazingly fast user interface.

Get the NetWitness NDR Buyer's Guide and find out what your peers are saying about NetWitness NDR, CrowdStrike Falcon, Microsoft Defender for Endpoint and more!
NetWitness NDR is the #19 ranked solution in top Network Detection and Response (NDR) solutions, #25 ranked solution in SOAR tools, #36 ranked solution in top Threat Intelligence Platforms, #38 ranked solution in XDR Security products, #49 ranked solution in endpoint security software, and #57 ranked solution in EDR tools. PeerSpot users give NetWitness NDR an average rating of 8.0 out of 10. NetWitness NDR is most commonly compared to CrowdStrike Falcon: NetWitness NDR vs CrowdStrike Falcon. NetWitness NDR is popular among the large enterprise segment, accounting for 43% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 12% of all views.
Buyer's Guide
NetWitness NDR
March 2026
Get the report
Helped 886,719 peers since 2012

Featured NetWitness NDR reviews

Read more reviews

NetWitness NDR mindshare

Product category:
Network Detection and Response (NDR)
As of April 2026, the mindshare of NetWitness NDR in the Network Detection and Response (NDR) category stands at 3.2%, up from 2.0% compared to the previous year, according to calculations based on PeerSpot user engagement data.
Network Detection and Response (NDR) Mindshare Distribution
ProductMindshare (%)
NetWitness NDR3.2%
Darktrace15.6%
Vectra AI12.2%
Other69.0%
Network Detection and Response (NDR)

PeerResearch reports based on NetWitness NDR reviews

TypeTitleDate
CategoryNetwork Detection and Response (NDR)Apr 16, 2026Download
ProductReviews, tips, and advice from real usersApr 16, 2026Download
ComparisonNetWitness NDR vs DarktraceApr 16, 2026Download
ComparisonNetWitness NDR vs Vectra AIApr 16, 2026Download
ComparisonNetWitness NDR vs TrendAI Vision OneApr 16, 2026Download
Suggested products
TitleRatingMindshareRecommending
CrowdStrike Falcon4.3N/A97%139 interviewsAdd to research
Microsoft Defender for Endpoint4.1N/A95%213 interviewsAdd to research
 
 
Key learnings from peers

Valuable Features

Valuable features of NetWitness NDR include high detection rate, detailed traffic capture, efficient incident response, real-time malware location, lightweight performance, perfect reporting, seamless third-party integration with an easy-to-use API, and a unified dashboard. Users appreciate its interoperability across operating systems, visualizations, behavior analytics, and flexible interface. Enhanced features include instant threat response, web interface, and isolated machine capability. It operates without heavy IT management involvement and technical support is knowledgeable.
  • "The solution is stable."
  • "I would recommend others to use RSA NetWitness Endpoint at this time because they have evolved from an MD to an EDR solution to an XDR solution."
  • "The solution is scalable; it creates 3,000 lab logs per second, and I think the solution is suitable for large companies or medium to large companies."

Room for Improvement

NetWitness NDR requires improvements in contamination features and ease of use. Clicking multiple times during analysis is cumbersome. Scalability and security orchestration need enhancement. The deployment process involving MSI files is complex. Pricing and training costs are high. The tool is slow and suffers from configuration and log passing issues. Threat intelligence should be better, and the UI needs a longer session time. Integration with non-native applications and improved detection features are also necessary.
  • "The solution doesn't have a reporting engine which would be helpful."
  • "RSA NetWitness Endpoint is a scalable solution. However, the problem which we normally face is in terms of the migration of the solution."
  • "The problem with this product is that it's a bit slow."

ROI

Users indicate that NetWitness NDR significantly boosts threat detection capabilities, leading to a more secure environment and demonstrating a clear return on investment. Many highlight the efficiency in identifying and mitigating threats faster. They appreciate the comprehensive monitoring and superior analytical features. Enhanced visibility into network activities has also led to quicker response times and reduced potential losses from cyber incidents.

Pricing

NetWitness XDR offers a straightforward pricing model without setup costs, ensuring a smooth integration for users. Pricing methods typically involve subscription-based models, accommodating per-user or per-device licensing options. The pricing range is adaptable, catering to organizations of different sizes and complexities, providing comprehensive extended detection and response solutions.

  • "NetWitness Endpoint is less costly than its competitors, but it offers fewer features."
  • "We are on a three-year contract to use RSA NetWitness Network."
  • "The pricing is not very economical. It is a quite costly product for India. One thing is that when you purchase it, you have to purchase a module separately."

Popular Use Cases

Organizations primarily use NetWitness NDR for contamination detection, network forensics, and IT security. It identifies incidents, scores risks, detects malware, and provides responses. It is used alongside other security devices like IPS and SIEM, logs, and packets for network and EDR. Companies such as banks and telecom firms rely on it for instant detection responses, malware analysis, digital forensics, and monitoring logs, typically deploying it on-premises.

Service and Support

Customers find NetWitness NDR technical support reliable, knowledgeable, and responsive. Some note high satisfaction and 24/7 availability, with support tiers and quick resolutions. A few express concerns about response times, sometimes taking up to two days. Many appreciate the knowledgeable staff and efficient ticketing system that prioritizes incidents. A minority thinks RSA support needs improvement.

Deployment

Most found NetWitness NDR's initial setup straightforward and easy, with some deploying in a day. One organization experienced a more complex deployment, facing issues like log failures and wiring problems, extending it to over nine months. Some noted that while basic installation was simple, creating dashboards required professional services. A few rated the process as moderate, acknowledging minor complications.

Scalability

NetWitness NDR is highly scalable for larger enterprises and medium businesses, though some users face challenges during migration due to hard-coded IP addresses. Its scalability covers thousands of endpoints and multiple users. Some users report it does not scale well, while others find it easy to scale horizontally and vertically. Specific features are highlighted compared to competitors. The user experience varies, with some praising and others criticizing the scalability.

Stability

NetWitness NDR is praised for being stable, reliable, and non-disruptive to networks. Users rate it positively, though minor issues such as technical difficulties and endpoint agent responsiveness are noted. Complex networks may experience challenges, but this does not detract from the overall performance. Users appreciate the real-time data capabilities and stability across various deployments, despite occasional power issues complicating scenarios.
These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.
Download our NetWitness NDR Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company SizeCount
Small Business7
Midsize Enterprise2
Large Enterprise3
By reviewers
By visitors reading reviews
Company SizeCount
Small Business84
Midsize Enterprise65
Large Enterprise112
By visitors reading reviews

Top industries

By visitors reading reviews
Financial Services Firm
12%
Computer Software Company
9%
Manufacturing Company
9%
Construction Company
6%
Outsourcing Company
6%
Government
6%
Performing Arts
6%
Comms Service Provider
5%
Energy/Utilities Company
4%
Healthcare Company
4%
Retailer
4%
Educational Organization
3%
Insurance Company
3%
University
3%
Recreational Facilities/Services Company
2%
Real Estate/Law Firm
2%
Media Company
1%
Hospitality Company
1%
Non Profit
1%
Transportation Company
1%
Logistics Company
1%
Legal Firm
1%
International Affairs Institute
1%
Recruiting/Hr Firm
1%
Wellness & Fitness Company
1%
Marketing Services Firm
1%
Security Firm
1%
Museum Or Institution
1%
Religious Institution
1%

Compare NetWitness NDR with alternative products

Go!

Learn more about NetWitness NDR

NetWitness NDR was previously known as RSA ECAT, NetWitness Network.

NetWitness NDR customers

ADP, Ameritas, Partners Healthcare

Related questions

  • 94
How does Network Detection and Response (NDR) Differ from SIEM?
  • 78
What aspects of network security are more concerning to small and medium-sized enterprises?
  • 59
What are the best practices for Security Operations Center (SOC)?
  • 50
What is the future of the Network Operation Center (NOC)?
  • 207
Which alternative solutions (other than Darktrace) do you recommend for an SMB?
  • 124
Why is Network Detection and Response (NDR) important for companies?
  • 25
When evaluating Network Detection and Response (NDR), what aspect do you think is the most important to look for?
  • 45
GoDaddy has been hacked again. What can be done better?
  • 51
What is Data-Centric vs Application-Centric security architecture?
  • 33
What are your top Extended Detection and Response (XDR) predictions for 2022?

Product Categories

Product Categories
Network Detection and Response (NDR)
Endpoint Protection Platform (EPP)
Threat Intelligence Platforms (TIP)
Endpoint Detection and Response (EDR)
Security Orchestration Automation and Response (SOAR)
Extended Detection and Response (XDR)

Popular Comparisons

Popular Comparisons
CrowdStrike Falcon vs NetWitness NDR Logo
CrowdStrike Falcon vs NetWitness NDR
Microsoft Defender for Endpoint vs NetWitness NDR Logo
Microsoft Defender for Endpoint vs NetWitness NDR
Cortex XDR by Palo Alto Networks vs NetWitness NDR Logo
Cortex XDR by Palo Alto Networks vs NetWitness NDR
Wazuh vs NetWitness NDR Logo
Wazuh vs NetWitness NDR
Darktrace vs NetWitness NDR Logo
Darktrace vs NetWitness NDR
SentinelOne Singularity Endpoint vs NetWitness NDR Logo
SentinelOne Singularity Endpoint vs NetWitness NDR
IBM Security QRadar vs NetWitness NDR Logo
IBM Security QRadar vs NetWitness NDR
Fortinet FortiEDR vs NetWitness NDR Logo
Fortinet FortiEDR vs NetWitness NDR
Elastic Security vs NetWitness NDR Logo
Elastic Security vs NetWitness NDR
Tanium vs NetWitness NDR Logo
Tanium vs NetWitness NDR
Microsoft Defender XDR vs NetWitness NDR Logo
Microsoft Defender XDR vs NetWitness NDR
Trellix Endpoint Security Platform vs NetWitness NDR Logo
Trellix Endpoint Security Platform vs NetWitness NDR
WatchGuard Firebox vs NetWitness NDR Logo
WatchGuard Firebox vs NetWitness NDR
TrendAI Vision One vs NetWitness NDR Logo
TrendAI Vision One vs NetWitness NDR
Check Point Harmony Endpoint vs NetWitness NDR Logo
Check Point Harmony Endpoint vs NetWitness NDR
See all alternatives
 
NetWitness NDR Reviews Summary
Author infoRatingReview Summary
Manager, IT Security Operations at a non-profit with 11-50 employees3.0We use this stable NDR solution, finding it easy to use with good support. However, threat detection needs improvement with more intelligence, as it's not very scalable and is expensive.
Senior Cyber Security Analyst (SAFe Agile) at a transportation company with 1,001-5,000 employees3.5I use NetWitness Endpoint for anomaly detection and forensics, appreciating its interoperability and easy pivoting. However, its blocking feature is ineffective, requiring improvements like proper process and IP blocking, which it currently lacks.
Associate Vice President - IT Security at Inspira Enterprise4.5I rate RSA NetWitness Network 9/10, praising its stable unified dashboard and good support, delivering ROI. Improvements are needed for non-native integration and scalability. I advise due diligence for cost-effective deployment.
Senior Cybersecurity Consultant at CIA Botswana5.0I find RSA NetWitness Endpoint excellent for instant threat detection, malware analysis, and endpoint visibility. It's stable, scalable, and easy to use with great built-in features. Installation was simple, support is good, and I rate it 10/10.
Information Security Engineer at Nhq Distribution Ltd4.0I use RSA NetWitness Endpoint for IT security and log management. I value its user behavior analytics, but wish for better integration and an improved dashboard. It's a stable, scalable solution that I recommend.
Information Security Specialist at Masria Digital payments4.5I find this stable network security solution has a flexible, easy interface and straightforward setup. However, I'd like improved hunting and investigation features for better visibility. I rate it 9/10.
Security Information & Incident Analyst at a financial services firm with 1,001-5,000 employees4.0I rate this stable, scalable solution an 8/10 for its machine isolation and good ROI, despite customer support being slow. My main concerns are the missing reporting engine and the UI timing out too quickly.
Cyber Security Consultant at Mideast Data Systems4.0I've used RSA NetWitness Endpoint for seven years and find its stability very good. While I recommend it as an evolved XDR solution, I believe its threat intelligence needs improvement and hard-coded IPs hinder migration.